[Bug 2361] seccomp filter (not only) for aarch64
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Apr 22 12:17:25 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2361
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
(In reply to Darren Tucker from comment #4)
> Comment on attachment 2561 [details]
> aarh64 patch
>
> >+#ifdef __NR_select /* not on AArch64 */
> > SC_ALLOW(select),
> > #endif
> >+#ifdef __NR_pselect6 /* AArch64 */
> >+ SC_ALLOW(pselect6),
> >+#endif
> >+#endif
>
> This nesting looks wrong and it's getting messy.
I can reindent, which makes it a bit clearer
#ifdef __NR__newselect
SC_ALLOW(_newselect),
#else
# ifdef __NR_select /* not on AArch64 */
SC_ALLOW(select),
# endif
# ifdef __NR_pselect6 /* AArch64 */
SC_ALLOW(pselect6),
# endif
#endif
Though maybe it is just better to allow each syscall based on its own
presence:
#ifdef __NR__newselect
SC_ALLOW(_newselect),
#endif
#ifdef __NR_select /* not on AArch64 */
SC_ALLOW(select),
#endif
#ifdef __NR_pselect6 /* AArch64 */
SC_ALLOW(pselect6),
#endif
> Could we put the __NR_$thing test inside the SC_ALLOW/SC_DENY macros?
How would this work? You can't have #if/#ifdef inside a #define
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list